JP2004507162A - Reconfigurable computer network - Google Patents

Abstract

【Task】
A computer network is constructed to be able to add, delete, and move network objects in a network having a configurable router and a plurality of network objects, each located at a network node in the network. . The construction of the network of the present invention comprises: a) providing a point-to-point link between a configurable router and each network node; b) assigning a point-to-point identifier to each point-to-point link; D) receive a communication from a network object at a configurable router, each source referring to an identifier pair consisting of a point-to-point link identifier and a link layer identifier associated with the communication. Has the step of being able to determine

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
A method for constructing a reconfigurable computer network, and in particular, but not exclusively, a computer network that allows the addition, deletion, and movement of network objects in the network, and between an internal computer network and an external network The present invention relates to a method of transferring a network address for communicating over a network, and a method of constructing a wireless computer network enabling movement of network objects in a network.
[0002]
[Prior art]
When devices that enable the Internet move from one network in one administrative domain to another and between networks in the same administrative domain or between nodes in the same network, they usually require reconfiguration. And
[0003]
[Problems to be solved by the invention]
As a specific example, when a personal computer running the latest operating system moves from office to office, the user often changes the configuration of the Internet on these machines to suit different Internet environments. Intervention is required.
[0004]
This problem often manifests as a need to employ information technology and networking professionals to perform such restructuring, ie, to help users of devices that enable the Internet do so. In addition, network experts are needed to manage the network itself, which places a burden on Internet infrastructure owners and users for on-premise support and maintenance.
[0005]
Current approaches to this problem include self-propelled structures such as the Dynamic Host Configuration Protocol (DHCP), Internet Protocol version 6 (Ipv6), which help to alleviate the problem somewhat, but completely eliminate the problem. It cannot be solved. First, many of the current approaches require user intervention (albeit limited) to operate properly. Second, the adoption of these techniques has so far been slow and non-uniform. Thus, since all networks are not standardized in the use of current technology, they will use one or the other technology (or not at all) as they are moved from one administrative domain to another. No), it is necessary to rebuild the device that enables the Internet.
[0006]
It is an object of the present invention to provide a solution to some or all problems.
[0007]
[Means for Solving the Problems]
According to a first aspect of the present invention, it is possible to add, delete, and move network objects in a network having a plurality of network objects and a configurable router, which are respectively arranged in network nodes in the network. A method of building a computer network, comprising:
(A) providing a point-to-point link between a configurable router and an individual network node;
(B) assigning a point-to-point link identifier to each point-to-point link;
(C) obtaining a link layer identifier for each network object;
(D) receiving a communication from a network object at a configurable router, wherein each communication source references an identifier pair consisting of a point-to-point link identifier and a link layer identifier associated with said communication. Can be confirmed and
(E) receiving, at a configurable router, communications addressed to individual network objects, the destination of each communication being obtained by translating a point-to-point link identifier and a network address associated with said communication. And a link layer identifier that is determined by referring to the
(F) adding or removing a network object from or to a network, or moving from one point-to-point link to another link, with an identifier pair associated with the current communication and an identifier pair associated with the previous communication. Detecting with a configurable router and / or by detecting non-reception of communications.
[0008]
As will be appreciated from the following description, the present invention provides that other devices, such as client computers and printers, can be added or removed from the network, or moved within the network structure without the need for reconfiguration. Facilitate systems that can Further, in a preferred embodiment, the client computer and other devices have immediate, seamless access to an external network, such as the Internet.
[0009]
Preferably, the method comprises:
(G) automatically resolving the address of the communication according to the detected change.
[0010]
The configurable router is any suitable router or combination of routers. In some configurations, such as in large networks, the configurable router consists of multiple network routers working together.
[0011]
In some preferred configurations, the network objects are each assigned a network layer identifier that may not be unique within the network, and communications to network objects within the network are routed using point-to-point link identifiers. However, communications to objects outside the network are routed from the configurable router to the external object using the network layer identifier.
[0012]
Routing of messages to and from the configurable router is accomplished in a predetermined manner. In a preferred configuration, this is accomplished using, for each link layer identifier, a routing table having a corresponding network layer identifier, a corresponding point-to-point link identifier, and a corresponding network interface, wherein the network interface is a link layer identifier. Indicates the location associated with the router that mediates communication to the network object associated with.
[0013]
In some private networks, the client computer or other device relies on one or more servers with names known only within the private network for proper operation, and thus the client When a computer or other device moves to a new network location, an error occurs because the named server cannot be found. As a preferred feature, this method
(A) intercepting a request for a domain name system from a network object;
(B) analyzing such requirements;
(C) appropriately generating information indicating the analysis result of the request of the domain name system, and transferring the information to the requesting network object. .
[0014]
A "configurable router" preferably has the following features.
[0015]
(A) Conventional network layer routing is possible
(B) routing based only on point-to-point link identifiers is possible (i.e., except that even link-layer identifiers are ignored and only point-to-point link identifiers are used for the following determinations) Works like a switch)
(C) Network address translation is possible
(D) Retrieve the point-to-point link identifier of the associated internal network object during network address translation
According to a second aspect of the present invention, for communication between an internal computer network and an external network, which allows for the addition, deletion, and movement of internal network objects within an internal network having a configurable router. To translate the network address into
(A) providing a logical point-to-point link between a configurable router and an internal network object;
(B) assigning a point-to-point link identifier for each point-to-point link;
(C) obtaining a link layer identifier for each internal network object;
(D) receiving at the configurable router a communication addressed from the internal network object to the external network object, wherein the address of each external network object can be determined by a network layer identifier associated with the external network object. Wherein the internal network source for each communication is determinable with reference to an identifier pair consisting of a point-to-point link identifier and a link layer identifier associated with the communication;
(E) forwarding the communication to an external network object;
(F) receiving, at the configurable router, communications addressed to the internal network object from the external network object;
(G) determining, for each said communication, an identifier pair consisting of a point-to-point link identifier and a link layer identifier obtained by translating the network address associated with this communication, and said communication to a destination thus determined; Transferring the
(H) adding or removing the internal network object from the internal network, or moving from one point-to-point link to another link, by using a pair of an identifier related to a current communication and a pair of an identifier related to a previous communication. Detecting with a configurable router and / or by detecting non-reception of communications.
[0016]
When a router sends a communication to an object in an external network (such as the Internet), it provides the network layer identifier in any suitable manner. In one suitable configuration, a network layer identifier is assigned to the communication transferred from the configurable router to the external network object, wherein the assigned network layer identifier is the network layer identifier, ie, the network layer identifier associated with the router. One of the groups. As a preferred enhancement, the method may have support for translation routing between external and internal network objects of various types of services. In this case, the method
(A) Domain name system services,
(B) E-mail service,
(C) Hypertext conversion protocol service,
(D) voice services,
(E) video services,
(F) Telephone law services
Providing one or more of the routing services invisible to the user.
[0017]
According to a further aspect of the present invention, there is provided a method for constructing a computer network that allows for the addition, deletion and movement of network objects in a network. The computer network has two or more transparent routers having network layer identifiers and a plurality of network objects, each located at a network node in the network. This method
(A) providing a point-to-point link between the transparent router and a network node, respectively;
(B) assigning a point-to-point identifier to each point-to-point link;
(C) obtaining a link layer identifier for each network object;
(D) receiving a communication from a network object at one of said transparent routers, wherein the source of each communication refers to an identifier pair consisting of a point-to-point link identifier and a link layer identifier associated with the communication. Can be determined and
(E) receiving, at one of the transparent routers, communications directed to individual network objects, wherein the destination of each communication is by translating a point-to-point link identifier and a network address associated with the communication. Determinable with reference to an identifier pair consisting of the obtained link layer identifier,
(F) The addition and deletion of a network object to and from the network, or the movement of a network object from a point-to-point link to another link, is performed by one of the transparent routers by using a pair of an identifier of a current communication and a pair of an identifier of a previous communication. And / or by detecting non-reception of the communication.
The transparent routers are connected to form a routing hierarchy, each of the transparent routers is assigned a network identifier from a local loopback segment of the network layer identifier, and thus any valid currently used by a network node. Collisions with network layer identifiers are avoided.
[0018]
A "transparent router" preferably has the following features.
[0019]
(A) Understand point-to-point link identifiers for both incoming and outgoing communications
(B) has the ability to determine routing based on point-to-point link identifiers and / or link layer identifiers
(C) implement an improved address resolution protocol
(D) Network address translation is possible
It will be appreciated that the present invention has particular use in the field of mobile computing. In accordance with yet another aspect of the present invention, a wireless computer network is configured to allow movement of a plurality of network objects, each located at a network node in the network, and a network object in a network having a transparent router. A way to
(A) providing point-to-point links between the transparent router and the network node, respectively;
(B) assigning a point-to-point link identifier to each point-to-point link;
(C) obtaining a link layer identifier for each network object;
(D) receiving a communication from a network object at the transparent router, wherein the source of each communication can be determined by referring to an identifier pair consisting of a point-to-point link identifier and a link layer identifier associated with the communication. Yes, and
(E) receiving, at the transparent router, communications directed to individual network objects, the destination of each communication being a link layer obtained by translating a point-to-point link identifier and a network address associated with the communication. Identifiable with reference to an identifier pair consisting of an identifier and
(F) adding or removing a network object to or from the network, or moving from one point-to-point link to another link, with the transparent router relating the identifier pair associated with the current communication and the previous communication. Detecting by detecting a mismatch between the pair of identifiers and / or by detecting non-reception of the communication.
[0020]
As described above, in a preferred configuration, the transparent router consists of a hierarchy of routers, each of the routers being assigned a network layer identifier from a local loopback segment of the network layer identifier, thus providing a network node. Can avoid collisions with certain valid network layer identifiers currently used. Each router directly connected to one network object is a transparent router.
[0021]
BEST MODE FOR CARRYING OUT THE INVENTION
1 and 2 show the use of a point-to-point link according to the invention. Each link is a one-to-one data communication network link from a router to one network node. Each point-to-point link has a unique identifier (point-to-point link identifier, or PPLI) associated with it. This may or may not be manifest at the link layer. For this purpose, a VLAN (Virtual LAN) identifier is used in the implementation of the prototype of this design, which only explicitly specifies the general design.
[0022]
The system described in FIG. 1 shows a router and three network objects, labeled A, B, C, or client computers. Each client is assigned a unique link layer identifier (LLI), and each point-to-point link is assigned a unique point-to-point link identifier (PPLI), as shown in FIG. Also, each point-to-point link originates from a special network interface (DEV) on the router. In the arrangement of FIG. 1, the point-to-point link leading to A exits from the first network interface, and the point-to-point links leading to B and C both exit from the second network interface.
[0023]
A point-to-point design solves the problem of address collisions at the network layer and prevents interference (except for the uplink) between multiple nodes connected to transparent routers. This is shown in FIGS. 3A and 3B. FIG. 3A shows a situation where both A and C have a network layer identifier (NLI) of "N". In a standard network, this would cause the router to be unable to determine whether to route the message to A or C, causing a collision. FIG. 3B shows a solution to this problem. In this case, both A and B have an NLI of “N”, but A has an LLI of “LA” and a PPLI of “P1”, and B has an LLI of “LB” and a PPLI of “P2”. have. Thus, the router can distinguish between these two.
[0024]
Virtual LAN (VLAN) identifiers are already used in Cisco's and 3COM's higher end VLAN switches. Using a VLAN tag as a PPLI is a convenient embodiment of the point-to-point design of the transparent router of the present invention, but this is by no means the only solution. The use of PPLI to avoid address collisions, and in particular to detect movement, represents a considerable advance over methods in which VLAN tags have been used in the past.
[0025]
All Address Resolution Protocol (ARP) requests received from downstream point-to-point links are answered by transparent routers. The ARP response returned downstream by the transparent router will have the same invariant link-layer identifier () in the source link-layer address field of the ARP response, regardless of the intervening network interface that conveys the ARP response. LLI). The ARP response is conveyed over the same network interface (DEV) where the corresponding ARP request was received, using the same point-to-point link identifier (PPLI) as the corresponding ARP request. This is shown in FIGS. 4 (A) to 5 (B).
[0026]
The transparent router routes certain network traffic destined for the persistent LLI described above.
[0027]
Transparent routers typically work with routing tables. The routing table is updated dynamically. Each routing entry is associated with a link layer identifier (LLI) of the network node for which the entry was made. In this case, the link layer identifier may or may not have a virtual LAN (VLAN) identifier in addition to the LLI of the network node. Alternatively, the necessary information may be split into a routing table and a switching table, as is usually done in three layers of the existing layer (in existing layer three switches).
[0028]
The Network Layer Identifier (NLI) and the Link Layer Identifier (LLI) and Point-to-Point Link Identifier (PPLI) associated with a given routing entry are used by routers regardless of whether the client uses the same NLI throughout. It allows to predict that all traffic from the same LLI originates from the same client. The PPLI indicates the physical location of the client. Such treatment of LLI and PPLI is effective not only for the purpose of detecting movement but also for accounting.
[0029]
Whenever a link layer frame has the same source LLI, the network layer protocol data unit (PDU) in this frame has a different source NLI, but the routing entry corresponding to the previous NLI of the network node is moved. , A routing entry for the new NLI corresponding to the same LLI is inserted. That is, clients are uniquely identified by these LLIs, and not by their NLIs, and the routing of the network layer is dynamically adjusted to reflect this based on all incoming datagrams. On the other hand, PPLI is used to track the physical location of downstream network nodes as they move from one point-to-point link to another.
[0030]
Such an association is based on all incoming link layer frames and is required in the corresponding routing table entry to continue routing future datagrams to and from the network node. It is examined to look for certain changes, and provides for the movement of certain nodes from one network interface of one transparent router to the other as needed.
[0031]
Whenever an unknown LLI is observed in a given incoming link-layer frame, a new routing entry will be sent if traffic destined for the newly observed network node is routed through the appropriate interface and the PPLI on the transparent router. Generated to be routed to the correct point-to-point link.
[0032]
In addition, whenever a datagram directed to an unknown LLI is observed, the transparent router transmits an ARP request for that NLI. If the response is not published before a particular timeout, then the router treats the new destination LLI described above as its own, and thus the network PDU of the network PDU included in the link layer frame described above. Perform layer routing.
[0033]
This is shown in FIGS. 6A to 7B. FIG. 6A shows that the router receives a link layer frame of PPLI = 1, NLI = NW, and LLI = LW. The LW is unknown to the router, so the router transmits an ARP request for NLI = NW, as shown in FIG. 6 (B). As shown in FIG. 6 (C), when the response “NW is in LW” is received, the details of the new node are added to the routing table, and as shown in FIG. 6 (D). If no response is received and the ARP times out, no change is made.
[0034]
Also, the transparent router can route traffic destined for a given LLI and direct an ARP response for this LLI before a specific timeout.
[0035]
Upon entering a routing entry for a particular VLAN identifier that already has an associated existing routing entry, the transparent router will, on all of its network interfaces, ensure that the network node corresponding to the existing routing entry is still from the transparent router. An ARP request for confirming that access is possible is transmitted. If the corresponding ARP response is not received before a certain timeout, such a node is determined to have been removed from the network and any necessary cleanup is performed.
[0036]
This is shown in FIGS. 8 (A) to 9 (E). FIG. 8A shows an existing arrangement and a routing table. FIG. 8B illustrates the discovery of a new Node B on link P1 that causes a change in the routing table. FIG. 9A shows a query made to determine if A is still present on link P1, and FIG. 9B shows a response if A is still present. In this case, no further changes are required. FIGS. 9C and 9E show actions required when A is deleted from the routing table and ARP times out.
[0037]
However, if an ARP response is received from the network node described above, but on a different interface, subsequent updates to the routing table will be made to reflect the new location of the network node. The new link layer frame is processed as described above when a new link layer identifier is observed.
[0038]
Multiple routers may use the same immutable LLI on multiple interfaces each connected to a network node that is not a transparent router. That is, the actual interfaces using the persistent LLI are one end of an identifiable point-to-point link, each with a network node that is not a transparent router, but from the perspective of the other network nodes a single network There can be multiple hierarchies of transparent routers coexisting as if they had interfaces (and could even appear as a single machine). This is shown in FIG.
[0039]
Typically, the routing hierarchy is occupied by routers that can set other than the leaf nodes of the hierarchy. Leaf nodes consist of transparent routers, which are each one network hop out of the internal network object (but these are more than one link, for example if switches and hubs are used) Layer hops).
[0040]
The root node or nodes of the transparent routing hierarchy are configurable routers having network address translation capabilities and capable of supporting NAT sessions with internal network nodes' PPLIs (but, of course, the root nodes The LLI of such a node is not essential, unless it must be a node and thus itself a transparent router, capable of supporting a NAT session with a pair of internal network objects (PPLI, LLI). ). Internal nodes in the transparent routing hierarchy need not perform NAT, but must be able to route communications pertaining to PPLI only.
[0041]
According to the present invention, there are two ways to implement a transparent routing hierarchy and thus a dynamic network. The first method does not provide support for moving internal network objects, but is easy to build quickly. However, it is relatively difficult to support movement later in this way. In the following discussion this is referred to as hierarchical method A. The second method provides easy support for seamless movement for clients, but is relatively difficult to perform first. In the following discussion this is referred to as hierarchical method B.
[0042]
Hierarchy method A
Hierarchical routers are configurable routers having a NAT function capable of executing conventional NAT (or NAPT). The routers inside the hierarchy are simply conventional routers that do not need to perform NAT or be PPLI aware. The router at the leaf node of the hierarchy is a transparent router that performs PPLI-aware NAT. They also provide improved ARP and related mechanisms.
[0043]
Since each transparent router is also a NAT box, ongoing communication sessions between internal and external network objects have state information stored in the associated transparent router. As internal network objects move from one such transparent router to the other, NAT status information may also be moved from one NAT box to another. This is tangled in the direction of execution, rather than being able to be moved. Alternatively, the state information of the NAT is simply ignored, allowing the communication session to time out.
[0044]
Whichever choice is made, the upstream configurable routers on the transparent routers must be able to relay these communications to the correct downstream transparent router (if the client has moved). Have to update the routing table. These routes are dynamically updated according to FIG.
[0045]
Hierarchy method B
This is basically the hierarchical method A, but has the following differences.
[0046]
(1) The transparent router at the leaf node of the routing hierarchy does not perform NAT. They simply route upstream and downstream traffic based on the point-to-point link identifier of the communication. Such a routing decision requires knowledge of the network device originating the communication that is newly entering and being received by the router, depending on how the PPLI has been assigned to the links in the routing hierarchy.
[0047]
(2) Internally configurable routers within the transparent routing hierarchy must be able to handle the PPLI for the traffic they route. Such traffic is routed according to the PPLI (and possible new network equipment) of the communication, ie, in the manner that the transparent router does the routing.
[0048]
(3) The root router in the hierarchy is also a configurable router, which also executes NAT. At this time, it executes PPLI-aware NAT (PPLI-aware NAT).
[0049]
Seamless movement is provided by the transparent routing hierarchy of FIGS. 14 (A) and 14 (B), in which the state information of the NAT is such that the internal network nodes move from the point-to-point link of one transparent router to the point-to-point of the other transparent router. When moving to a link, it does not need to be moved from one router to the other. The route update mechanism as in method A provides exactly this level of movement. However, the root router (ie, the PPLI-aware NAT box) needs to be able to update its NAT state information (ie, the NAT associated PPLI field) when the internal network object actually moves. Please be careful. Note also that such an update does not change the NAT itself, only the resulting forwarding of the communication.
[0050]
Multiple routing entries can coexist in the transparent router's routing table, each having its own unique LLI (and / or PPLI) but sharing the same destination NLI. Some examples of valid routing tables are shown in FIG.
[0051]
Network Address Translation (NAT) and variants thereof, such as Network Address and Port Translation (NAPT), are not necessarily by the transparent router itself, but at higher levels in the routing hierarchy (ie, closer to the root of the router's tree). ).
[0052]
Network address translation (NAT) and variants thereof, such as network address and port translation (NAPT), are known. The ease of dynamic NAPT is provided in the GNU / Linux operating system, where it is commonly referred to as "IP masquerade". However, in order to perform routing for the client independently of the NLI (i.e., the client's "zero-configuration"), and to support the client's seamless network movement, the above ARP Utilizing NAT / NAPT with technology significantly advances the known technology. The use of only NAT / NAPT cannot provide a zero structure because the client must specifically use the NAT unit as these default gateways.
[0053]
FIGS. 12A through 14D illustrate the movement of a network object, such as a client computer, across a network structure from one location to another. FIG. 12 (A) shows a message being sent from A to the transparent router through the first link to an external address. FIG. 12B shows the movement of A from the first link to the second link. FIG. 12C shows that the response was received during the same session and was correctly routed to A over the new link. FIG. 12D shows that A has been moved to yet another link and the routing table has been updated accordingly.
[0054]
FIG. 13A shows a transparent routing hierarchy in which A sends a communication to an external address via a first router. FIG. 13B shows the movement of A from the first router to the second router, and that the routing table has been updated accordingly. FIG. 14 (D) shows that the response from the external address during the same session is correctly routed to A via the second router.
[0055]
All of the above applies to point-to-point links on the downstream side of the transparent router. Upstream connections are special except for normal TCP / IP standards, except that a subset of the local loopback address space may be used to route traffic to and from the upstream connection. No processing is required.
[0056]
The zero structure feature of the present invention generally requires three mechanisms operating in parallel to produce work. The three mechanisms alone are insufficient to provide the above characteristics.
[0057]
(A) Expected network behavior
The network needs the network objects to behave as expected on the network. At a minimum, this requires a transparent router to service all ARP requests sent by the network object. As a result, all ongoing communications from the network object are targeted at the transparent router.
[0058]
If the transparent router does not respond to an ARP request from the network object, the network object "hangs" waiting to resolve the destination link layer address.
[0059]
This idea is further extended so that any local resources required by the network object are provided by a dynamic network, such as a default gateway router, DNS server, PDC. This means that any resource requests sent by the network object will be moved by the dynamic network so that the network object mimics the expected behavior as if it were within the original home network. The purpose is to be satisfied.
[0060]
(B) Confirmed transfer path (Learned Forwarding Path)
When a dynamic network receives communication by a network object, it must identify and record the path taken from the network node to the last exit from the dynamic network to the Internet. This allows the dynamic network to forward the response from the Internet to the first network object following the reverse of the recorded path.
[0061]
The router locates the interface of the downstream network, through which the network object is absolutely located by the PPLI of incoming upstream communications from the network object. When a router receives a communication addressed to a given network object, it uses it to absolutely identify the downstream path to forward the communication.
[0062]
Note that the reversal path taken for the response need not be the same as the first transfer path recorded for the request from the network object. This is by providing movement of network objects across multiple network nodes. At least one copy of the response must then be sent back to the last recorded path of the network node. A copy of the response must be sent back to the previously recorded path of the network object as well as adjacent network nodes that may be moved during the interval during which the network object initiates the communication and receives the response. No.
[0063]
(C) Network address translation
All communications leaving a network object must be processed by Network Address Translation (NAT) before being forwarded to the public Internet. This is because the network layer identifier (IP address) of the network object is not topologically correct. There is no way for the ultimate recipient to respond to the network object. Thus, NAT must be done so that the dynamic network can be assigned a topologically correct IP address for outgoing traffic. The recipient returns a predetermined response to this topologically correct IP address so that the dynamic network can receive the response.
[0064]
Transparent routing hierarchy
The NLI of the downstream transparent router interface (and some upstream interfaces) is preferably allocated from the local loopback segment. This is to prevent collision with any valid NLI used by network nodes that are not transparent routers.
[0065]
Two or more transparent routers can be connected to form a routing hierarchy, and all routers in the hierarchy can be associated with addresses from the ranges described above by these network interfaces. The addresses used in this way are unique within the transparent routing hierarchy. Thus, a stack of existing network protocols can be used on transparent routers with minimal improvement without breaking this existing network protocol.
[0066]
Thus, normal routing is used in the transparent routing hierarchy, and all internal links (ie, links between multiple routers in the transparent routing hierarchy) are similar to loopback links for a single transparent router. ing. Thus, the entire hierarchy is equivalent to a single transparent router performing all internal network processing through its local loopback interface. This configuration allows for the distribution of workload and the provision of high availability, functional partitioning, network management, etc., rather than relying on a single transparent router. This is shown in FIG.
[0067]
Traffic routed through the transparent routing hierarchy undergoes translation of one or more network addresses (and / or ports). This allows downstream nodes to use network layer identifiers that may be invalid at these current network locations.
[0068]
Paths to and from certain internal network objects may pass through multiple routers. This passage consists of a plurality of links. Each link along the same path need not be assigned the same PPLI.
[0069]
Wireless mobility support
Propagation of routes as described above allows the movement of downstream network nodes from one point-to-point link to another without terminating or stopping these existing network communication sessions. It has important applications in wireless networks. A user can move from one wireless network to another without changing the network layer identifier and thus without causing long or permanent delays or errors in executing network applications. FIGS. 12A to 14D show this as described above.
[0070]
Current network layer mobility solutions help approach this problem differently. The most noteworthy of these is Mobile IP (MIP) (RFC2002, RFC2005, RFC2344), where the additional functionality is only at the corresponding nodes in the public Internet to support the protocol. Must also be established with the client (but this is not absolutely the case for the corresponding node on the public Internet). The transparent routing hierarchy solution provided by the present invention does not require any modification of the client's nodes, other networks, such as their corresponding nodes in the public Internet.
[0071]
In addition, MIP does not rely on any kind of link layer identifier to solve the problem of address collisions, but instead elaborates on network layer tunnels to support address collisions and client movement. Depends on the system. The transparent router solution also performs routing updates within the transparent routing hierarchy itself to support client movement, in which the MIP relies on the corresponding node (or foreign agent agent). ) Instead communicates routing updates, and additional network layer tunnels must be established as the client moves from one network location to the other.
[0072]
If the MIP relies on a combination of additional network information (home and foreign agent forms) and client node information, the transparent router approach of the present invention is based on the network itself (ie, for example, By improving router and link layer techniques (eg, switching), all additional functionality is achieved. Movement detection and route transfer functions are established within the transparent router itself, and a point-to-point configuration with a unique PPLI for each transparent router is utilized to facilitate movement detection.
[0073]
Also, MIP is intended to be used universally, independent of the architecture of the network, while the transparent router solution implements a point-to-point downstream architecture. Thus, MIP is suitable for general deployment within the Internet. The transparent routing hierarchy, on the other hand, is less suitable and is only suitable for special situations where downstream point-to-point is more suitable.
[0074]
This does not mean that the downstream point-to-point links need to always be physically separated along their entire length for the purposes of the present invention. Through the use of unique PPLIs, traffic from multiple point-to-point links may be aggregated along a single upstream link, such that upstream traffic belonging to different downstream links may still be identified.
[0075]
Another solution that has been attempted for the mobility problem is the IP Relocation (RAT) protocol, which utilizes network address translation. The RAT protocol seeks to provide general network layer mobility over the public Internet without the modification of client nodes. However, no attempt has been made to communicate the routing of information between network nodes, and it does not rely on either link layer information or architecture. RATs also provide only limited network layer mobility. Between the mobile network nodes and their corresponding network nodes, to protect the ongoing transport and application layer sessions as the mobile network node moves from one network location to the other, No attempt has been made. In contrast, the transparent router solution of the present invention protects the entire network and transport and application layer sessions as the client moves from one point-to-point link to the other.
[0076]
Transparent support for standard services
FIG. 15 shows that the invention can be used to provide transparent routing of various services between internal and external network objects. As shown in FIG. 15, all DNS, HTTP, and SMTP sessions destined for a client from a client to an upstream host in the transparent routing hierarchy are inappropriately routed to one or more local servers. You. The local server belongs to the transparent routing hierarchy or is located upstream, and acts as a proxy between upstream and downstream communication parties.
[0077]
A Transparent Domain Name System (DNS) proxy can be a standard DNS transfer device or have enhancements not found in a standard DNS transfer device. The transparent mail proxy may be a standard and simple mail transfer protocol (SMTP) server. The transparent web proxy may be a standard hypertext transfer protocol (HTTP) proxy service.
[0078]
With the intentionally improper routing described above, local servers give the illusion that these clients are connected to the public Internet, and allow them to successfully complete the processing of these networks. On the other hand, you actually perform these networking operations with the public internet to benefit these.
[0079]
Transparent proxies for other standard network application protocols also support a full range of protocols commonly used on the Internet, such as Real Time Streaming Protocol (RTSP), Voice over Internet Protocol (VoIP), etc. Can be generated to
[0080]
Proxy servers are known. However, these conventionally require the configuration of a client computer. According to the present invention, according to a preferred configuration, the client software is not improved (and thus does not necessarily have the knowledge of the client software, nor does it necessarily have the knowledge of the end user using the client). (Even without it).
[0081]
Phantom DHCP server
Dynamic Host Configuration Protocol (DHCP) requires a DHCP server on its network to provide network configuration parameters.
[0082]
The DHCP server uses a network from a subset of the local loopback subnet to avoid collision of the network layer identifier between the DHCP server and the client previously configured to use the unique network layer identifier. It may operate through one or more network interfaces using a layer identifier. In order to allow proper operation of the DHCP client, the DHCP message passed from the server to the client must have a predetermined value for the actual network layer identifier of the DHCP server in the network layer protocol header before reaching the client. Information does not necessarily have to be provided. However, the DHCP server may respond to the DHCP message addressed to any network layer identifier by which the client was notified that the server was used in the DHCP message.
[0083]
DHCP is a protocol standardized by the Internet Architecture Board (see RFC2131, RFC2132), and the Internet Engineering Task Force (IETF) Dynamic Host Configuration Working Group (DHC) GW (DHC), headed by Professor Ralph Droms of Bucknell University. Developed by This has made the older BOOTP protocol obsolete (RFC1541).
[0084]
FIG. 16 illustrates how the present invention can be applied to the use of DHCP. Use of spurious information in the mandatory 'server identifier' option of the DHCP message is expressly prohibited by RFC 2131, but may be used for the practice of the present invention.
[0085]
Initially, the DHCP client does not have an associated NLI (eg, for IPv4, this would be the IP address 0.0.0.0). The DHCP server has an NLI called NS. The steps shown in FIG. 16 are as follows.
[0086]
(1) The DHCP client broadcasts a DHCP DISCOVER message.
[0087]
(2) The dummy DHCP server responds with a DHCP OFFER message that provides an NLI called NA to the client, among other settings. However, the server creates a response that appears to originate from a DHCP server whose NLI is NT, even in network layer PDUs. Furthermore, the fields of the DHCP message from the server (eg, siador siaddr) do not reflect its true NLI NS (eg, in this case, reflect NT instead). It is useful to generate the NT as if it were on the same network layer subnet as if the client had accepted the host configuration settings from the DHCP server.
[0088]
(3) The client accepts the settings from the DHCP server and decides to pass an appropriate DHCP REQUEST message to the server whose NLI is NT. Note that no such server actually exists. The simulated DHCP server makes the client appear to such a server to be present, and provides the client with configuration settings as if it were such a server.
[0089]
(4) The pseudo DHCP server responds with a DHCP ACK message confirming the client's host configuration settings. Also, the true network layer identifier NS of the fake DHCP server is hidden from the client at all protocol levels. Multiple fake DHCP servers may cooperate to overlap groups of clients, as described in RFC 2131 for normal DHCP servers.
[0090]
Support for improperly built clients
The use of periodic router advertisements to support improperly constructed clients is described. If the client is pre-configured to use an inappropriate network layer identifier that was not assigned by DHCP or some other dynamic configuration mechanism and does not have a default gateway, In general, you couldn't access the Internet until you improved the settings on these clients.
[0091]
This problem is circumvented by the periodic routing transmission of routing advertisements by the transparent routing hierarchy. Advertised routes need not be valid. These routing advertisements are simply used to cause the downstream network node to automatically configure the default router.
[0092]
Advertisement of routing alone does not make such an improperly constructed client accessible to the Internet. However, in combination with the rest of the systems described herein, such clients can access the Internet.
[0093]
In addition to not having a default gateway, improperly constructed clients also do not have a default DNS server. If such clients support the NetBIOS protocol (RFC1001, RFC1002) and the generation that follows the NetBIOS protocol (NetBEUI, NT LAN Manager, etc.), they will return to NetBIOS name lookup. It is known.
[0094]
To provide DNS support for such clients, a NetBIOS / NetBEUI name server is set up as a transparent DNS proxy.
[0095]
Windows NT LAN Manager's transparent proxy is a less transparent proxy than an illegal server. NT domain logon to ensure that the client never displays an error message to the end user of this client node (eg, the network is unreachable, cannot log in, invalid password, etc.). And NT PDC certification always follow.
[0096]
Also, sharing of anonymous files is provided, and access control is determined solely by the LLI of the client node, although additional access control mechanisms (eg, simple username / password pairs) are possible in the future. . Furthermore, because the LLI of the client is typically globally unique, users of different transparent routing hierarchy facilities can be provided with persistent roaming sharing through conventional file sharing mechanisms.
[0097]
Transparent private network support
A "creative DNS transfer device" may be used in accordance with the present invention to overcome problems in practicing the present invention in some configurations. Downstream network nodes may be constructed to rely on servers having names known only in private networks not accessible by the public Internet for proper operation. If such a network is not directly or indirectly accessible from the external interface of the transparent routing hierarchy itself, these clients cannot function without error.
[0098]
To enable such clients to function without errors, a creative DNS forwarding device may be used instead of the standard DNS forwarding device in transparent DNS described above.
[0099]
The creative DNS forwarding device is similar to a standard DNS forwarding device with one exception. The exception is that it parses not only responses from one or more upstream servers in the DNS hierarchy but also requests from client resolvers to determine when it deviates from the DNS standard in responding to clients. Is a point.
[0100]
In particular, heuristics are used to determine whether to generate spurious information to give the illusion that the DNS query from the D downstream network node was successful. This process is started as needed.
[0101]
Examples of possible heuristics include when an NXDOMAIN or other error indication is received from an upstream DNS server in response to a query forwarded from a downstream client, or before a specific timeout from an upstream DNS server. If there is no response, a response is dynamically formed and returned to the client to force the client's DNS query to succeed. The heuristics used need to be adjusted to suit the actual network environment where the creative DNS forwarding device is deployed.
[0102]
Also, whenever the client attempts to initiate a communication session with a network node having the network layer identifier returned in the forged DNS response above, the session is handled as described above (for standard services). If transparent proxy is not possible at all, this is explicitly rejected by an appropriate firewall mechanism that works either within the transparent routing hierarchy or further upstream.
[0103]
FIG. 18 shows a creative DNS proxy having the following steps.
[0104]
(1) The internal network object (client node) sends a DNS automatic verification message.
[0105]
(2) The creative DNS proxy intercepts the client's auto-match message and sends the transferred auto-match to a DNS server located upstream.
[0106]
(3) The upstream DNS server resolves the query and responds with the result (NOERROR).
[0107]
(4) The creative DNS proxy returns a response to the client and changes the data where appropriate.
[0108]
(5) The client sends a DNS automatic verification message.
[0109]
(6) The creative DNS proxy intercepts the client's auto-match message and sends the transferred auto-match to a DNS server located upstream.
[0110]
(7) The upstream DNS server responds with a non-existent domain (NXERROR) message.
[0111]
(8) The creative DNS proxy decides to return a successful response to the client via a heuristic internal application.
[0112]
(9) The creative DNS proxy dynamically generates the appropriate information for a successful response (NOERROR) and forwards the formed response to the client.
[0113]
(10) The client sends a DNS automatic verification message.
[0114]
(11) The creative DNS proxy intercepts the client's auto-verify message. This determines that no automatic matching to the upstream server is required through the heuristic's internal application.
[0115]
(12) The creative DNS proxy generates an appropriate DNS response and forwards it to the client. Such a response may or may not have dynamically generated information as in step (9) above.
[0116]
(13) The client sends a DNS automatic verification message.
[0117]
(14) The creative DNS proxy intercepts the client's auto-verify message. This determines to return a non-existent domain (NXDOMAIN) message to the client through a heuristic internal application.
[0118]
(15) The creative DNS proxy generates an NXDOMAIN response and responds to the client.
[0119]
(16) The client sends a DNS automatic verification message.
[0120]
(17) The creative DNS proxy intercepts the client's auto-verify message and sends the transferred auto-verify to the DNS server located in Apple Stream.
[0121]
(18) Even after a certain timeout, the creative DNS proxy receives a response from the upstream DNS server and interprets that the response has not been advertised. The creative DNS proxy can query multiple upstream or downstream DNS servers, either consecutively or in parallel, and before making this conclusion, sends a DNS request to the upstream server until a predetermined number of timeouts have occurred. I want to mention that
[0122]
(19) Through the heuristic's internal application, the creative DNS proxy decides to return either a non-existent domain message (like step 15 above) or a DNS response to success to the client.
[0123]
(20) The creative DNS proxy creates an appropriate response and sends it to the client, as determined in step 19.
[0124]
Transparent support for non-standard services
It will be appreciated that the present invention can be used to provide transparency support for non-standard devices such as drag and drop printers, faxes, and the like. This may be performed by an application server provider for the output device.
[0125]
The invention is also based on access to a network node, for example, a network computer such as a small calculator, or a network server such as a web server on a print / fax server, or embedded in a printer / fax machine. , Scanners, web browsers, etc., may be adapted to provide network access to output devices that do not have driver support for embedded appliances.
[0126]
One problem associated with this is that in order to change the native format of the application to the native format of the output device, it is necessary to install a device driver for a given output device. Changing the output device or using a new feature on the output device requires a new driver. This problem can be solved by a converter capable of accessing an identifiable network translating a given application format into a format of a given device accessible to said network. This has the advantage that there is no driver mounting problem. There is no need to install drivers for new devices in the visited network to roam users. For large deployments, there is no need to install drivers for all network nodes to use the new shared device. All users have immediate access to all available shared devices.
[0127]
Further, this may provide one point of maintenance and upgrade. Driver support is only needed at the server end. Access control and usage accounting can be controlled at the server end.
[0128]
The example application is a shared file storage location or a web URL for accessing the output device. Known working groups (trademarked), such as ASP printers and ASP faxes, for directories of exported files are advertised by the local browse master. The user optionally uses File-> Save and selects Network-> ASP Workgroup to print / fax the file. To specify the fax number, the ASP Fax Working Group has a predefined list of fax recipient directories, such as the ANT Labs company's fax file directory. To specify the new fax number, the user saves the document in another fax recipient's directory. The document file name is a fax number.
[0129]
For web-based access, the pull-down menu shows all available output devices on the network, similar to a printer pull-down menu selection on MS Windows. After selecting a particular output device, the web page is updated to allow selection of output device capabilities, such as, for example, color / b & w, A3 / A4, duplex, fax number, and the like. The user may select to preview the printout and convert the document to HTML or XML. The user submits a document for printing / faxing to the shared file storage via the HTTP POST MIME ENC / DATA type.
[0130]
A converter with identification capability may identify the type of document by utilizing an extension of the default file or by parsing the header of the document file. A dumb converter relies on the user to select an appropriate document filter, but forces the user to save supporting document formats, eg, PostScript, HTML. A dumb converter can be used as a fail-safe, catch-all solution when a discriminating converter fails.
[0131]
Move detection
A protocol for bonding may be used between the link and the network layer (eg, Address Resolution Protocol (ARP) when using TCP / IP over Ethernet) to detect presence. Detection of presence can thus be used to monitor habitually.
[0132]
When an ARP request is detected from a client, the link layer and network layer identifier of the originating network node are remembered along with a time stamp indicating the time of detection. An ARP request is sent by a transparent router within a specific interval to seek a response from a client. Such an ARP request must be unicast to the relevant network node. If no response is made before a particular timeout, the client is interpreted as no longer a member of the network and the client's resource usage record may be updated accordingly.
[0133]
The ARP request may be sent along the same point-to-point link, from which the client's first request is received by the transparent router. Alternatively, if movement detection is desired, the ARP request may be sent to all (or a set of adjacent) downstream point-to-point links, even though the ARP request itself is not addressed to the broadcast link layer identifier. Can be sent by a transparent router.
[0134]
Certain protocols that perform a similar bridging function between the link and the network layer protocol (eg, ARP) may thus be used for presence detection, billing, and movement detection.
[0135]
Not all ARP requests are answered by transparent routers. Alternatively, only ARP requests from the link-layer identifier of a network node that is known to be at the end of the downstream point-to-point link furthest from the router and that is not addressed to the network node's network-layer identifier are the same. Known at the far end of the network link, it seeks a response from the transparent router only after a certain timeout.
[0136]
That is, if one or more nodes are on the same end of a point-to-point link, and one of them sends an ARP request to another, the transparent router will not respond. Also, if the ARP of the other node is not known to query for the presence of one node at the end of the point-to-point link, an intentional delay is introduced before the transparent router sends an ARP response. .
[0137]
As a result, a broadcast link layer that supports multiple network nodes may be at the end of a given point-to-point link that is far from the transparent router with minimal disturbance from the transparent router itself. That is, ARP also works between nodes in the shared link layer, without any pre-determined effective interference by transparent routers, while on the other hand some of these network nodes will communicate with network nodes that are not in the same link layer. Any attempt to result in an interaction with a transparent router that spans a point-to-point link, as described for the transparent router above.
[0138]
Further, a network node traveling from one point-to-point link to the other has a travel pattern detected by a transparent router, which pattern is to continue routing network traffic to and from the node. The node's existing network or application-level sessions are kept permanently undisturbed, while their configuration is independent, whether such sessions are stateful or stateless. Can be updated.
[0139]
This is regardless of whether the transparent routers in this section refer to a single transparent router or a collection of multiple transparent routers operating in tandem (see the transparent routing hierarchy above). , Apply.
[0140]
It will be understood that various modifications and additions and / or improvements may be made to the components described above without departing from the scope of the invention.
[Brief description of the drawings]
FIG. 1 is a schematic diagram illustrating aspects of a network according to the present invention.
FIG. 2 is a schematic diagram illustrating another aspect of the network according to the present invention.
FIGS. 3A and 3B are schematic diagrams respectively showing a problem and a solution of a collision of a network address according to the present invention.
4A and 4B are schematic diagrams illustrating communication between a network object and a router according to the present invention.
5A and 5B are schematic diagrams showing communication between a network object and a router according to the present invention.
6A to 6D are schematic diagrams showing addition and movement of a network object to a link according to the present invention.
7A and 7B are schematic diagrams showing addition and movement of a network object to a link according to the present invention.
FIGS. 8A and 8B are further schematic diagrams illustrating the addition and movement of a network object to a link.
FIGS. 9A to 9E are further schematic diagrams illustrating the addition and movement of network objects to links.
FIG. 10 is a schematic diagram illustrating a transparent routing hierarchy according to an embodiment of the present invention.
FIG. 11 shows some useful tables for use in accordance with the present invention.
FIGS. 12A to 12D show seamless movement of network objects between different locations in a network.
13A to 13C further illustrate movement of a network object in a network.
14A to 14D further illustrate the movement of a network object within a network.
FIG. 15 is a schematic diagram of various Internet services functioning through a layer of transparent routing, according to an embodiment of the present invention.
FIG. 16 illustrates the use of DHCP in the context of an embodiment of the present invention.
FIG. 17 is a schematic diagram illustrating the use of periodic router advertisement according to a preferred feature.
FIG. 18 illustrates the use of a “creative” DNS forwarding device according to a preferred feature of the present invention.

Claims (14)

A method of constructing a computer network to enable the addition, deletion, and movement of a network object in a network having a plurality of network objects and a configurable router respectively arranged at network nodes in the network,
(A) providing a point-to-point link between a configurable router and an individual network node;
(B) assigning a point-to-point link identifier to each point-to-point link;
(C) obtaining a link layer identifier for each network object;
(D) receiving a communication from a network object at a configurable router, wherein each communication source references an identifier pair consisting of a point-to-point link identifier and a link layer identifier associated with said communication. Can be confirmed and
(E) receiving, at a configurable router, communications assigned to individual network objects, the destination of each communication being obtained by translating a point-to-point link identifier and a network address associated with said communication. And a link layer identifier that is determined by referring to the
(F) adding or removing a network object to or from the network, or moving from one point-to-point link to another link, with the identifier pair associated with the current communication and the identifier pair associated with the previous communication; Detecting with a configurable router and / or by detecting non-reception of communications. The method of claim 1, further comprising the step of: (g) automatically resolving the address of the communication according to the detected change. 3. The method according to claim 1, wherein the configurable router comprises a plurality of network routers operating together. The network objects are each assigned a network layer identifier that may not be unique within the network, and communications to network objects within the network are routed using point-to-point link identifiers, but outside the network. A method according to any one of claims 1 to 3, wherein communication to the object is routed from a configurable router to an external object using a network layer identifier. Routing of messages to and from the configurable router is accomplished using a routing table having, for each link layer identifier, a corresponding network layer identifier, a corresponding point-to-point link identifier, and a corresponding network interface. The method of establishing a computer network according to claim 4, wherein the network interface indicates a location associated with a router that mediates communication to a network object associated with a link layer identifier. (A) intercepting a request for a domain name system from a network object;
(B) analyzing such requirements;
(C) appropriately generating information indicating an analysis result of the request of the domain name system, and transferring the information to the requesting network object. How to build a computer network. A method of translating a network address for communication between an internal computer network and an external network, enabling addition, deletion, and movement of internal network objects within an internal network having a configurable router, comprising:
(A) providing a logical point-to-point link between a configurable router and an internal network object;
(B) assigning a point-to-point link identifier for each point-to-point link;
(C) obtaining a link layer identifier for each internal network object;
(D) receiving at the configurable router a communication addressed from the internal network object to the external network object, wherein the address of each external network object can be determined by a network layer identifier associated with the external network object. Wherein the internal network source for each communication is determinable with reference to an identifier pair consisting of a point-to-point link identifier and a link layer identifier associated with the communication;
(E) forwarding the communication to an external network object;
(F) receiving, at the configurable router, communications addressed to the internal network object from the external network object;
(G) determining, for each said communication, an identifier pair consisting of a point-to-point link identifier and a link layer identifier obtained by translating the network address associated with this communication, and said communication to a destination thus determined; Transferring the
(H) adding or removing the internal network object from the internal network, or moving from one point-to-point link to another link, by using a pair of an identifier related to a current communication and a pair of an identifier related to a previous communication. Detecting with a configurable router and / or detecting non-reception of communication. A network layer identifier is assigned to the communication transferred from the configurable router to the external network object, wherein the assigned network layer identifier is one of a group of network layer identifiers, i.e., network layer identifiers associated with the router; The method for translating a network address according to claim 7. 9. The method according to claim 7, further comprising the step of automatically resolving the address of the communication according to the detected change. (A) Domain name system services,
(B) E-mail service,
(C) Hypertext conversion protocol service,
(D) voice services,
(E) video services,
10. The method for translating a network address according to any one of claims 7 to 9, further comprising the step of: (f) providing a routing service that is invisible to the user, one or more of the telephony services. Construct a computer network that allows for the addition, deletion, and movement of a plurality of network objects each having a network layer identifier and a network object having two or more transparent routers, each being located at a network node in the network. The method,
(A) providing a point-to-point link between the transparent router and a network node, respectively;
(B) assigning a point-to-point identifier to each point-to-point link;
(C) obtaining a link layer identifier for each network object;
(D) receiving a communication from a network object at one of said transparent routers, wherein the source of each communication refers to an identifier pair consisting of a point-to-point link identifier and a link layer identifier associated with the communication. Can be determined and
(E) receiving, at one of the transparent routers, communications directed to individual network objects, wherein the destination of each communication is by translating a point-to-point link identifier and a network address associated with the communication. Determinable with reference to an identifier pair consisting of the obtained link layer identifier,
(F) The addition and deletion of a network object to and from the network, or the movement of a network object from a point-to-point link to another link, is performed by one of the transparent routers by using a pair of an identifier of a current communication and a pair of an identifier of a previous communication. And / or by detecting non-reception of the communication.
The transparent routers are connected to form a routing hierarchy, each of the transparent routers is assigned a network identifier from a local loopback segment of a network layer identifier, and thus any valid currently used by a network node. How collisions with network layer identifiers are avoided. A method for constructing a wireless computer network to enable movement of a network object in a network having a plurality of network objects and a transparent router each located at a network node in the network, comprising:
(A) providing point-to-point links between the transparent router and the network node, respectively;
(B) assigning a point-to-point link identifier to each point-to-point link;
(C) obtaining a link layer identifier for each network object;
(D) receiving a communication from a network object at the transparent router, wherein the source of each communication can be determined by referring to an identifier pair consisting of a point-to-point link identifier and a link layer identifier associated with the communication. Yes, and
(E) receiving, at the transparent router, communications directed to individual network objects, the destination of each communication being a link layer obtained by translating a point-to-point link identifier and a network address associated with the communication. And (f) adding or removing a network object to or from a network, or moving a network object from one point-to-point link to another link. Detecting a mismatch between the pair of identifiers associated with the current communication and the pair of identifiers associated with the previous communication, and / or by detecting non-reception of the communication. 13. The method of establishing a wireless computer network according to claim 12, further comprising: (g) automatically resolving the address of the communication according to the detected change. The transparent router consists of a hierarchy of routers, each of the routers being assigned a network layer identifier from a local loopback segment of the network layer identifier, and thus any valid currently used by the network node. 14. A method according to claim 12 or claim 13, wherein collisions with different network layer identifiers are avoided and each router directly connected to each network object is a transparent router.

Images